ACI Tenant Policy Model (or ACI Logical Constructs)

Cisco ACI is a policy-based fabric. This means that the complete environment is modelled in objects. When you look at the ACI fundamentals guide you’ll find the model explained in steps. This post covers the tenant policy model. The tenant policy model is a part of the overall model, located directly under the root of the model. This shows that the tenant policy model is one of the most important parts of ACI.

IT blog awards

I’m honored and thrilled to be nominated as an IT Blog Award finalist in the category “most educational”. This blog started as a way to help myself learn stuff. I try to put things in words that are easy to understand. This nomination is a sign that I’m doing something right with this. Especially when you see my fellow nominees in this category. Each of those blogs is awesome and I’m honored (yes, I said that already) to be listed among them.

ACI Release 5.1 New Features

On October 26, 2020, Cisco released ACI version 5.1. As has been customary for me, I write a blog post about this new ACI version, looking into some of the new features. When we look into the release notes of version 5.1 it would appear that there aren’t any major new features. The biggest new features aren’t listed in the release notes at this time. That might be because some of these features are as yet undocumented.

ACI and Ansible

ACI is made for automation. There are a lot of blog posts about automating ACI out there, but this is some documentation of my own progress on this matter. I’m no complete beginner in the field of automation. When I stage an ACI environment for a customer I use several scripts that automate almost 95% of the process for me. However, these scripts are homegrown and one of the issues I encounter is the lack of portability to other engineers (as I know the scripts by heart and know which things work and which do not).

Endpoint Security Groups Explored

In my post about the new features of ACI 5.0 (link) I briefly explained the concept of the ESG. This post explores the Endpoint Security Groups in more detail. First we need to appreciate the fact that the introduction of the Endpoint Security Groups is the biggest change in the tenant policy model since ACI’s inception. The tenant policy model hasn’t changed in any major way since ACI 1.0 (as far as I know).

ACI Release 5.0 New Features

Yesterday, on the 14th of May 2020, Cisco released ACI 5.0, the fifth major release of ACI. This post will explore some of the new features to be found in this version. And there are some major new features to be found in this version. I’m especially excited about the possibility to create true physical multi-tenancy and ESGs. But there’s more to be found. Let’s start. Hardware and Scale ACI 5.

ACI PBR Firewall Insertion

I’m working on a series of posts concerning service graphs in ACI. For these posts I configured some stuff in my lab to demonstrate these functions. The series will take a long time for me to complete. To bridge the time between posts I decided to create a post about the PBR firewall integration I did in my lab. This post does not cover reasons for using PBR in great detail, but in my opinion the PBR type of service graphs are the most likely type to be encountered.

ACI L4L7 Service Insertion Pt. 1

Service Graphs are one of the most important features in ACI. The idea behind these service graphs is that you can create an application chain within ACI. Even better, you can configure the L4 to L7 devices directly from within ACI in an automated manner. Many of my customers have several questions about service insertion. The question I get asked the most is “should I use service graphs?”. The answer to this question, as usual, is: “It depends”.

New ACI lab

Earlier this evening I sent out a tweet with a photo depicting the new ACI lab we received at Axians (my employer). I thought I’d share some more details about this lab with everybody who’s interested. Tweet: “Shiny new equipment. 😎 Look at our awesome new #ACI lab. Going to be a multi-site setup. This is going to be super helpful in servicing our customers. @AxiansNL #Cisco pic.twitter.com/h2hx2RWY3T” — Michael van Kleij (@mvankleij_nl), January 23, 2020. Goal: One aspect of my job is to design, build and implement ACI networks for our customers.

ACI Access Model

We’ve learned about the ACI object model in reference to the Tenants. However, to apply an EPG to a port you need the Access Policy Model. The access policy model consists of a few objects in the model that in the end make up the configuration of the physical port on a switch. This chapter will cover all the objects in the image above. VLAN Pools: A VLAN pool is a set of VLANs that can be used at a later time in the policy.